Cisco Support Community

VLAN Audits

What can be done to determine if a VLAN interface is still needed on a LAN switch configuration?


VLAN Audits

Do 'sh vlan' to check if any local switchports are using it on an access port.

Do 'sh int trunk' to see if the vlan is being trunked to another switch. If so, repeat the above step on that switch.

If the above two steps reveal the vlan is not being used then it should be safe to shut down/remove.



Re: VLAN Audits


Is this a Layer 2 or Layer 3 switch?

If it's Layer 2, then you'll need to check the SVI/IP GW on a router.

For a multilayer switch, you may use the 'show vlan brief' and 'show ip interface brief' commands.



Re: VLAN Audits

Having had to do this activity many times in the past - I believe your best bet for commands are the following:

"show spanning-tree vlan x"

- This command will show you where the VLAN is configured on a currently active interface. For example - is it configured on a trunk uplink to another switch? Or an access port to a PC?

"show vlan brief"

- This command will show you which Access ports the VLAN has been assigned to. (Even if they are not currently active interfaces).

"show int trunk"

- This command will show you the list of VLANs that are allowed on a trunk. This will not only show you the "configured" list of VLANs, but also the list of VLANs that can actively participate on the trunk (because sometimes VTP pruning takes VLANs away without us ever knowing!)

The combination of these 3 commands should allow you to decide whether the particular VLAN is needed on any one switch and/or if it is needed on any downstream switches that may be relying on the switch as a middle-man.

Re: VLAN Audits

I would also add a show mac address-table vlan x to verify if any host is still on that vlan.



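The checks from this thread combined into one script, as an added example that is not part of any post above: it parses `show vlan brief` and `show interfaces trunk` output and reports, for one VLAN, its access ports and which trunk sections still list it, so a VLAN that is allowed on a trunk but pruned shows up as such. The sample output is constructed in IOS-style layout, and the function names are hypothetical.

```python
import re
# Constructed sample output in IOS-style layout, not captured from a real device.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2
10   USERS                            active    Gi0/3, Gi0/4
20   OLD_LAB                          active
"""
SHOW_INT_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/24      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/24      1-100

Port        Vlans allowed and active in management domain
Gi0/24      1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/24      1,10
"""

def expand(vlan_list):
    """Expand a trunk VLAN list such as '1,10,20-22' into a set of ints."""
    bounds = (p.strip().partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def access_ports(vlan, text):
    """Ports listed against the VLAN in 'show vlan brief', wrapped lines included."""
    ports, current = [], None
    for line in text.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+\S+\s*(.*)", line)
        current = int(m.group(1)) if m else current
        rest = m.group(2) if m else (line.strip() if line[:1] == " " else "")
        if current == vlan:
            ports += [p for p in re.split(r",\s*", rest) if p]
    return ports

def trunk_sections(vlan, text):
    """Map trunk port -> headings of the 'show interfaces trunk' sections listing the VLAN."""
    found, section = {}, ""
    for line in text.splitlines():
        port, _, rest = line.partition(" ")
        if port == "Port":
            section = rest.strip()
        elif section.startswith("Vlans") and rest.strip() not in ("", "none") and vlan in expand(rest):
            found.setdefault(port, []).append(section)
    return found
```

In the sample, VLAN 20 has no access ports and is allowed and active on Gi0/24 but absent from the forwarding section, which is the case where the downstream switch still has to be checked before the VLAN is removed.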